Privacy Notice On Processing Of Users' Personal Data
Version 1.2, April 2023
This Privacy Notice describes how and why Einride AB (“Einride” or “We” or “Our”) collect and process your personal data when you use Einride's services and what rights you have. If you are located in Singapore, please view the Privacy Notice (Singapore) instead.Einride as data processor
We collect your personal data as described below in order to provide Einride's services, such as the driver app, the customer portal or the carrier partner portal, that you use when representing your company.
The data controller for such processing is your employer or, if you are engaged as a sole proprietor, your principal (hereinafter referred to as the "Company").
Please contact the Company if you have any questions about the processing of your personal data, of which the Company is the controller.
Einride as data controller
We also process some of your personal data for Our own purposes as further specified below, for example in order to be able to develop Our products and services.
In such cases, Einride AB, company reg. no. 559074-8926, is the data controller for the processing of your personal data.
Please feel free to contact us if you have any questions about Our processing, see Our contact details below.
PERSONAL DATA THAT WE PROCESS AND HOW WE COLLECT IT
We collect the following personal data about you:
- Name and contact details. First name, last name, phone number, email address.
- Login details. Email address and password.
- Device information. IP address, browser settings, operating system and platform etc.
- Information on how you interact with Us. For example, how you use the Einride Saga Platform, any download errors etc.
If you are a driver operating an Einride truck we also collect the following personal data about you:
- Location data. The location of the vehicle you operate.
- Transport planning data. For example, your driving schedule, availability windows, breaks and loading/unloading time.
SOURCES OF PERSONAL DATA
Your personal data is collected from different sources:
- From you, We collect your name and contact details, login details provided during account creation.
- When you use Einride's services, We collect device information and information on how you interact with Us.
- If you are a driver, from the Einride truck you operate, We collect your Location data and Transport planning data.
PURPOSES, LAWFUL BASIS AND RETENTION PERIODS
Processing carried out by Einride as data processor
We process most of the personal data about you on behalf of the Company. The legal basis for the processing carried out by Einride on the Company's behalf is typically that the processing is necessary for the performance of your contract with the Company or for the purposes of the legitimate interests pursued by the Company, applicable as further specified by the Company.
The retention periods for each purpose are set out in the table below.
| Why we process Personal Data | Lawful Basis for Processing | Retention Periods |
|---|---|---|
| To create and administrate your user account | As further decided by the Company as set out above. | Personal data will be processed for this purpose until the user account is deleted. When a user account is deactivated by you or the Company, e.g. when you end your employment, the personal data is kept for a period of after such deactivation, in order to allow for reactivation. |
| To be able to plan and carry out the transports ordered by Einride's customers | As further decided by the Company as set out above. | Personal data will be processed for this purpose the transport ordered by Einride's customer is executed, unless they must be retained due to legal requirements, for purposes of safety, security and fraud prevention. |
| To provide support services for Einride's customers and the Company | As further decided by the Company as set out above. | Personal data will be processed for this purpose until the user account is deleted, unless they must be retained due to legal requirements, for purposes of safety, security, and fraud prevention. |
| To communicate with you | As further decided by the Company as set out above. | Personal data will be processed for this purpose until the user account is deleted, unless they must be retained due to legal requirements, for purposes of safety, security, and fraud prevention. |
| In order for the content on Our platform to be presented effectively for you on the device that you use | As further decided by the Company as set out above. | Personal data will be processed for this purpose until the user account is deleted, unless they must be retained due to legal requirements, for purposes of safety, security, and fraud prevention. |
Processing carried out by Einride as data controller
We process personal data about you for Our own purposes as described below. The lawful basis for such processing as well as retention periods per each purpose are also set out in the table below.
| Why We Process Personal Data | Lawful Basis for Processing | Retention Periods |
|---|---|---|
| To conduct analyzes, including user experience analysis, and to improve and develop Our existing and new products and services. | Einride's legitimate interest to develop accurately functioning services with adequate functions | Personal data will be processed for this purpose until the user account is deleted. |
| To investigate errors or other anomalies in the platform and to defend Einride from potential legal claims | Einride's legitimate interests to defend Einride from legal claims | As Einride's customers have the right to present legal claims during a period of ten years, such personal data must be stored for ten years as well in order to defend Einride from such claims. |
RECIPIENTS OF PERSONAL DATA
For the purposes listed above, your personal data may be shared with other trusted business partners of Einride, such as Our IT-suppliers, as necessary in order for Us to provide the Einride services. We may also share your personal data with other trusted business partners of Einride, such as companies that help Us with marketing services. Your personal data will also be disclosed to authorities, if We are obliged to do so by law. If and when we share your personal data with other actors, we always make sure to protect your personal data, for example by entering into necessary agreements, such as data processing agreements with the relevant parties.
Some personal data about you may be processed by trusted business partners of Einride as well as by other entities within the Einride Group, located outside of the EU/EEA. However, such processing is done using appropriate transfer mechanisms with appropriate safeguards in place, such as conclusion of European Commission's standard contract clauses.
SECURITY
We are committed to protect your personal data. We take all appropriate and reasonable legal, technical and organizational security measures to adequately protect the personal data about you that We process. Our security measures are continuously improved in line with the development of available security products and services.
YOUR RIGHTS AND HOW TO EXERCISE THEM
You have the following rights:- You have the right to request and obtain information about how the personal data about you are processed and receive access to the personal data (right of access).
- If you consider personal data about you to be inaccurate and/or incomplete, you have the right to request rectification and/or completion of your personal data (right to rectification).
- Under some circumstances, you have the right to request erasure of personal data concerning you or request restriction of Our processing of personal data. Restriction means that personal data will only be processed for certain limited purposes.
- In case the lawful basis for the processing is the legitimate interest of Us or the Company (as further specified in the tables above), you have the right to object to such processing.
You are welcome to contact Einride if you wish to make any request in accordance with above related to Einride's processing of your personal data, or if you have any question about Our processing of personal data. If you have any questions about the personal data processing carried out by the Company specifically, you should contact the Company.
If you consider Our processing to be wrongful or in breach of the GDPR, you have the right to lodge a complaint or report an infringement of the GDPR to the supervisory authority in the EU member state of your habitual residence, place of work or place of an alleged infringement of the GDPR. In Sweden this is the Swedish Authority for Data Protection (Sw: Integritetsskyddsmyndigheten (https://www.imy.se/).
CHANGES
We may change this Privacy Notice, from time to time, by publishing an updated version on Our website. All changes take effect automatically 30 days after they are published. However, if we make changes to our privacy notice that are deemed necessary to fulfill obligations under law or the authority's statement or decision, the new version shall apply immediately after it is published on Our website.
CONTACT DETAILS TO EINRIDE
Please do not hesitate to contact us if you have any questions about this Privacy Notice or would like to exercise any of your rights set out above.Email address: dataprotection@einride.tech
Postal Address: Einride AB, Regeringsgatan 65, 111 56 Stockholm.